我有点遇到这个例外:
java.lang.RuntimeException: error:0407806d:RSA routines:decrypt:DATA_LEN_NOT_EQUAL_TO_MOD_LEN
at com.android.org.conscrypt.NativeCrypto.RSA_private_decrypt(Native Method)
at com.android.org.conscrypt.OpenSSLCipherRSA.engineDoFinal(OpenSSLCipherRSA.java:274)
at javax.crypto.Cipher.doFinal(Cipher.java:1440)
at javax.crypto.CipherInputStream.close(CipherInputStream.java:190)
...
当我关闭Android Marshmallow上的CipherInputStream时抛出它。一切似乎都适用于早期的Android版本。
DATA_LEN_NOT_EQUAL_TO_MOD_LEN是什么意思?为什么它应该解密(调用RSA_private_decrypt)何时应该释放资源句柄(关闭)?
更新:
我设法用一些测试代码重现错误。它加密和解密"foobar"。一次直接使用密码,一次使用CipherInputStream(就像在原始应用程序中完成的那样)。
一切都适用于android< 6,非流媒体代码甚至可以在android 6上运行。
当我将显式密码RSA/ECB/PKCS1Padding更改为通用RSA时,我能够将流代码用于android 6。
但我敢打赌,这是有原因的;)
static final String RSA_ALGO = "RSA/ECB/PKCS1Padding";
// static final String RSA_ALGO = "RSA";
private void _testCrypto2() throws Exception {
KeyPairGenerator keyGen;
KeyPair keys;
byte[] encrypted;
byte[] decrypted;
String input;
String output;
keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(2048);
keys = keyGen.generateKeyPair();
input = "foobar";
// Plain crypto.
encrypted = this.RSAEncrypt(input, keys.getPublic());
output = this.RSADecrypt(encrypted, keys.getPrivate());
// Streaming crypto.
encrypted = this.RSAEncryptStream(input, keys.getPublic());
output = this.RSADecryptStream(encrypted, keys.getPrivate());
}
public byte[] RSAEncrypt(final String plain, PublicKey _publicKey) throws Exception {
byte[] encryptedBytes;
Cipher cipher;
cipher = Cipher.getInstance(RSA_ALGO);
cipher.init(Cipher.ENCRYPT_MODE, _publicKey);
encryptedBytes = cipher.doFinal(plain.getBytes());
return encryptedBytes;
}
public String RSADecrypt(final byte[] encryptedBytes, PrivateKey _privateKey) throws Exception {
Cipher cipher;
byte[] decryptedBytes;
String decrypted;
cipher = Cipher.getInstance(RSA_ALGO);
cipher.init(Cipher.DECRYPT_MODE, _privateKey);
decryptedBytes = cipher.doFinal(encryptedBytes);
decrypted = new String(decryptedBytes);
return decrypted;
}
public byte[] RSAEncryptStream(final String _plain, PublicKey _publicKey) throws Exception {
Cipher cipher;
InputStream in;
ByteArrayOutputStream out;
int numBytes;
byte buffer[] = new byte[0xffff];
in = new ByteArrayInputStream(_plain.getBytes());
out = new ByteArrayOutputStream();
cipher = Cipher.getInstance(RSA_ALGO);
cipher.init(Cipher.ENCRYPT_MODE, _publicKey);
try {
in = new CipherInputStream(in, cipher);
while ((numBytes = in.read(buffer)) != -1) {
out.write(buffer, 0, numBytes);
}
}
finally {
in.close();
}
return out.toByteArray();
}
public String RSADecryptStream(final byte[] _encryptedBytes, PrivateKey _privateKey) throws Exception {
Cipher cipher;
InputStream in;
ByteArrayOutputStream out;
int numBytes;
byte buffer[] = new byte[0xffff];
in = new ByteArrayInputStream(_encryptedBytes);
out = new ByteArrayOutputStream();
cipher = Cipher.getInstance(RSA_ALGO);
cipher.init(Cipher.DECRYPT_MODE, _privateKey);
try {
in = new CipherInputStream(in, cipher);
while ((numBytes = in.read(buffer)) != -1) {
out.write(buffer, 0, numBytes);
}
}
finally {
in.close();
}
return new String(out.toByteArray());
}
但是,看起来修复有两个方向:
您怎么看?
答案 0 :(得分:4)
看起来android的默认安全提供程序有一些变化。
Cipher c;
Provider p;
StringBuilder bldr;
c = Cipher.getInstance("RSA");
p = cipher.getProvider();
bldr = new StringBuilder();
bldr.append(_p.getName())
.append(" ").append(_p.getVersion())
.append(" (").append(_p.getInfo()).append(")");
Log.i("test", bldr.toString());
似乎在所有经过测试的Android版本上使用了一个版本的BouncyCastle(我测试到了2.3):
BC 1.5 (BouncyCastle Security Provider v1.50) BC 1.52 (BouncyCastle Security Provider v1.52) 但是,“显式”密码改变了一些东西:
c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
BC 1.46 (BouncyCastle Security Provider v1.46) AndroidOpenSSL 1.0 (Android's OpenSSL-backed security provider) AndroidOpenSSL 1.0 (Android's OpenSSL-backed security provider) AndroidKeyStoreBCWorkaround 1.0 (Android KeyStore security provider to work around Bouncy Castle) 所以最终的解决方案是将提供程序显式设置为BouncyCastle,它正在处理所有经过测试的Android版本,即使是使用流式传输:
Provider p;
Cipher c;
p = Security.getProvider("BC");
c = Cipher.getInstance("RSA/ECB/PKCS1Padding", p);
当我得到一个android7预览版时,我很想测试这个。